Access to web services, for example, inspecting, blocking, redirecting, authenticating, is commonly performed by web proxy servers, which filter traffic directed at particular URLs (Uniform Resource Locators). Web proxy servers can also add HTTP headers to HTTP requests. HTTP headers are often used by web servers to define the operation of an HTTP transaction (e.g. grant or block access).
For example, to block access to some Google accounts and services while allowing access to an enterprise Google Apps account, a web proxy server that can perform SSL (Secure Sockets Layer) interception and insert the X-GoogApps-Allowed-Domains HTTP header is needed. However, when using a web proxy server, there are at least two connections, separate from each other, a first TCP (Transport Control Protocol) connection from the client to the proxy server and a second, separate connection from the proxy server to the destination web server.
The first TCP connection terminates and the web proxy server may generate a new TCP connection to the destination web server. This typically impacts performance, latency and changes in network behavior or configuration. Proxying is considered more intrusive compared to an inspection device that is not required to terminate connections at the TCP level and normally forwards the traffic without modifying the packets (at layer 3 and above). Such an inspection device in the case that is not performing TCP termination either explicit like a Web Proxy or implicit (by terminating the TCP connection) at the present can modify the HTTP request by replace bytes in the TCP segment or by shortening the TCP segment but cannot add additional data to the TCP segment, and as such, content of additional bytes of data to the HTTP request cannot be added. As a result, HTTP headers cannot be added to conventional HTTP requests.